131102 matches found
WordPress plugin Autolinks cross-site request forgery vulnerability
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin Autolinks has a cross-site request forgery vulnerability, which can be exploited by remote attackers to perform...
Amazon AWS VPN Client has an unspecified vulnerability
Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...
Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Telephony Server. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An...
RiteCMS path traversal vulnerability
RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...
Unspecified vulnerability in iot-device-sdk-embedded-c
iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...
Microsoft Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows Hyper-V Shared Virtual Hard Disks, a tool from Microsoft Corporation that provides hardware virtualization. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker...
Microsoft Windows iSCSI Target Service Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows iSCSI Target Service. The vulnerability arises from a configuration or other error in the operation of a networked...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2022-62516)
Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA. Microsoft Windows Win32k has an elevation of privilege vulnerability that could be exploited by attackers to execute arbitrary code with elevated privileges...
Jenkins promoted builds Plugin cross-site scripting vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins promoted builds Plugin, which stems from the application not...
KevinLAB Building Energy Management System跨站请求伪造漏洞
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...
Huawei HarmonyOS Business Logic Error Vulnerability (CNVD-2022-53579)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A business logic error vulnerability exists in the Huawei HarmonyOS communication module. The vulnerability stems from a business logic error in the...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57816)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute HTML or JavaScript code with t...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65621)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute code in the context of the current process...
KONGA elevation of privilege vulnerability
KONGA is a full-featured open source, multi-user GUI from Dutch individual developer Panagis Tselentis. version 0.14.9 of KONGA contains an elevation of privilege vulnerability that could be exploited by attackers to gain full administrative access...
Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)
Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...
Huawei Emui and Magic UI Denial of Service Vulnerability (CNVD-2022-20298)
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a denial of service vulnerability exists in Huawei Emui and Magic UI, which stems from copying the input buffer in the video framework without checking its size. An attacker...
Mattermost Server Buffer Overflow Vulnerability (CNVD-2022-65355)
Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost Server versions 6.3.2 and below, which stems from the fact that Mattermost Server's document extractor does not properly validate data boundaries when performing...
Huawei Emui and Magic UI Nearby module licensing issue vulnerability
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Nearby modules are vulnerable to authorization issues that could be exploited by attackers to compromise availability and integrity...
TP-Link Omada Controller Software Licensing Issue Vulnerability
TP-Link Omada Controller Software is a set of software from Tp-link that supports the management of wireless access points.TP-Link Omada Controller Software versions prior to 5.0.15 are vulnerable to authorization issues, which stem from a lack of authentication measures or insufficient...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59681)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2022-20139)
Microsoft Office is an office software suite of products from Microsoft Corporation USA. Microsoft Office Visio is vulnerable to remote code execution. The vulnerability is due to a boundary error in the processing of EMRCOMMENTEMFPLUS records in EMF images. A remote attacker could exploit this...
Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)
Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...
Google Chrome Autofill Security Bypass Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...
Microsoft Defender permission permission and access control issues vulnerability
Microsoft Defender is a threat protection software from Microsoft Corporation USA. Microsoft Defender for IoT is vulnerable to privilege permission and access control issues. No details of the vulnerability are currently available...
Google Chrome ANGLE buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. Google Chrome ANGLE is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...
Simple Bakery Shop Management SQL Injection Vulnerability
Simple Bakery Shop Management is a bakery management system. simple Bakery Shop Management is vulnerable to SQL injection and no detailed vulnerability details are available at this time...
Qt path traversal vulnerability
Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...
WordPress WS Form plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WS Form plugin prior to 1.8.176, which stems from the WS...
Maxsite CMS File Upload Vulnerability
MaxSite CMS is a web content management system from the Russian MaxSite CMS open source project. Maxsite CMS is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via crafted PHP files...
Tp-link TL-WR840N Remote Code Execution Vulnerability
The Tp-link TL-WR840N is a wireless router from China Pulian Tp-link.A remote code execution vulnerability exists in the Tp-link TL-WR840N, which stems from a remote code execution RCE vulnerability found to be contained via the oal wan6 setIpAddr function. No detailed vulnerability details are...
JetBrains TeamCity Code Issue Vulnerability (CNVD-2022-18623)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity has a code issue vulnerability that stems from the product's...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17683)
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that can be exploited by attackers to cause unauthorized creation, deletion, or modification of critical data or all MySQL Server-accessible data...
Unspecified Vulnerability in IBM Planning Analytics (CNVD-2022-13923)
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics that stems from the vulnerability of IBM...
Cobbler has an unspecified vulnerability (CNVD-2022-18325)
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installation environments. security vulnerabilities exist in versions of Cobbler prior to 3.3.1, stemming from files in /etc/cobbler that are publicly readable, two of which contain some sensitiv...
Expat integer overflow vulnerability (CNVD-2022-18355)
Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists prior to Expat 2.4.5, which stems from the presence of an integer overflow in storeRawNames. No detailed vulnerability details are currently available...
snapd competition condition issue vulnerability
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to a contention issue, which can be exploited by local attackers to gain root privileges and execute arbitrary code to gain privilege escalation by binding to mount their own content in snap's private mount...
KiCad buffer overflow vulnerability
Kicad is a free software for printed circuit board design from the KiCad Eda community. A security vulnerability exists in KiCad EDA, which stems from a stack buffer overflow vulnerability in the Viewer gerber and excellon GCodeNumber parsing functions in KiCad EDA 6.0.1 and master branches. An...
vim buffer overflow vulnerability (CNVD-2022-11188)
Vim is an editor based on the UNIX platform. A buffer overflow vulnerability exists in vim, which could be exploited by an attacker to input a specially crafted file, leading to a crash or code execution...
Adobe Illustrator null pointer dereference vulnerability (CNVD-2022-15929)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has a security vulnerability that could be exploited by attackers to launch an application denial of service in the context of the current user...
Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-15940)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator is vulnerable to a buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...
D-Link DIR-X1860 has unspecified vulnerabilities
The D-Link Dir-X1860 is a dual-band router from D-Link China.A security vulnerability exists in the D-Link DIR-X1860, which stems from a reflected cross-site scripting attack in the D-Link DIR-X1860 web application prior to v1.10WWB09 Beta, which can be exploited by an attacker to sending a...
Xwiki Platform Cross-Site Scripting Vulnerability (CNVD-2022-13409)
Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. Xwiki Platform is vulnerable to cross-site scripting, which can be exploited to upload SVGs containing scripts executed when performing download operations on files when using the default...
Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10275)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a buffer overflow vulnerability that can be exploited to write fixed...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09135)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit this vulnerability to corrupt or delete...
GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)
GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17692)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15488)
Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17693)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05875)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2022-72758)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A cross-site scripting vulnerability exists in F5 BIG-IP, which can be exploited to run JavaScript in the context of the...